High severityNVD Advisory· Published Mar 25, 2022· Updated May 6, 2025
CVE-2018-25032
CVE-2018-25032
Description
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
nokogiriRubyGems | < 1.13.4 | 1.13.4 |
Affected products
100- osv-coords99 versionspkg:apk/chainguard/minizippkg:apk/chainguard/zlibpkg:apk/chainguard/zlib-devpkg:apk/chainguard/zlib-docpkg:apk/chainguard/zlib-staticpkg:apk/wolfi/minizippkg:apk/wolfi/zlibpkg:apk/wolfi/zlib-devpkg:apk/wolfi/zlib-docpkg:apk/wolfi/zlib-staticpkg:gem/nokogiripkg:rpm/almalinux/mingw32-zlibpkg:rpm/almalinux/mingw32-zlib-staticpkg:rpm/almalinux/mingw64-zlibpkg:rpm/almalinux/mingw64-zlib-staticpkg:rpm/almalinux/rsyncpkg:rpm/almalinux/rsync-daemonpkg:rpm/almalinux/zlibpkg:rpm/almalinux/zlib-develpkg:rpm/almalinux/zlib-staticpkg:rpm/opensuse/freetype2&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/ghostscript&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/mariadb&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/mupdf&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/mupdf&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/perl-Compress-Raw-Zlib&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python39&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/ruby3.2-rubygem-nokogiri&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/rubygem-nokogiri&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/zlib&distro=openSUSE%20Leap%2015.3pkg:rpm/suse/lz4&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/lz4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/lz4&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/mariadb104&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/mariadb104&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/mariadb104&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/mariadb104&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/mariadb104&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/mariadb104&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/mariadb-connector-c&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/mariadb-connector-c&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/mariadb-connector-c&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/mariadb&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/mariadb&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/mariadb&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/mariadb&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/mupdf&distro=SUSE%20Package%20Hub%2015%20SP4pkg:rpm/suse/python-mysqlclient&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/python-mysqlclient&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/python-mysqlclient&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/python-mysqlclient&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/python-mysqlclient&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/python-mysqlclient&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/zlib&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/zlib&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/zlib&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Micro%205.0pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/zlib&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/zlib&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/zlib&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/zlib&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/zlib&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/zlib&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/zlib&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 1.2.13-r1+ 98 more
- (no CPE)range: < 1.2.13-r1
- (no CPE)range: < 1.2.13-r1
- (no CPE)range: < 1.2.13-r1
- (no CPE)range: < 1.2.13-r1
- (no CPE)range: < 1.2.13-r1
- (no CPE)range: < 1.2.13-r1
- (no CPE)range: < 1.2.13-r1
- (no CPE)range: < 1.2.13-r1
- (no CPE)range: < 1.2.13-r1
- (no CPE)range: < 1.2.13-r1
- (no CPE)range: < 1.13.4
- (no CPE)range: < 1.2.8-10.el8
- (no CPE)range: < 1.2.8-10.el8
- (no CPE)range: < 1.2.8-10.el8
- (no CPE)range: < 1.2.8-10.el8
- (no CPE)range: < 3.1.3-14.el8
- (no CPE)range: < 3.1.3-14.el8
- (no CPE)range: < 1.2.11-18.el8_5
- (no CPE)range: < 1.2.11-18.el8_5
- (no CPE)range: < 1.2.11-18.el8_5
- (no CPE)range: < 2.12.1-1.1
- (no CPE)range: < 10.02.1-1.1
- (no CPE)range: < 10.9.3-1.1
- (no CPE)range: < 1.20.3-bp154.2.3.1
- (no CPE)range: < 1.19.1-1.1
- (no CPE)range: < 2.213-1.1
- (no CPE)range: < 3.9.13-1.1
- (no CPE)range: < 1.13.9-1.7
- (no CPE)range: < 1.13.4-1.1
- (no CPE)range: < 1.2.11-150000.3.30.1
- (no CPE)range: < 1.8.0-3.5.2
- (no CPE)range: < 1.8.0-3.5.2
- (no CPE)range: < 1.8.0-3.5.2
- (no CPE)range: < 10.4.30-150100.3.5.10
- (no CPE)range: < 10.4.30-8.5.46
- (no CPE)range: < 10.4.30-150100.3.5.10
- (no CPE)range: < 10.4.30-8.5.46
- (no CPE)range: < 10.4.30-150100.3.5.10
- (no CPE)range: < 10.4.30-8.5.46
- (no CPE)range: < 3.1.22-2.35.1
- (no CPE)range: < 3.1.22-2.35.1
- (no CPE)range: < 3.1.22-2.35.1
- (no CPE)range: < 10.4.26-150200.3.31.1
- (no CPE)range: < 10.4.26-150200.3.31.1
- (no CPE)range: < 10.4.26-150200.3.31.1
- (no CPE)range: < 10.4.26-150200.3.31.1
- (no CPE)range: < 10.4.26-150200.3.31.1
- (no CPE)range: < 10.4.26-150200.3.31.1
- (no CPE)range: < 10.4.26-150200.3.31.1
- (no CPE)range: < 10.4.26-150200.3.31.1
- (no CPE)range: < 10.4.26-150200.3.31.1
- (no CPE)range: < 1.20.3-bp154.2.3.1
- (no CPE)range: < 1.4.6-150100.3.3.7
- (no CPE)range: < 1.3.14-8.9.2
- (no CPE)range: < 1.4.6-150100.3.3.7
- (no CPE)range: < 1.3.14-8.9.2
- (no CPE)range: < 1.4.6-150100.3.3.7
- (no CPE)range: < 1.3.14-8.9.2
- (no CPE)range: < 1.2.8-12.6.1
- (no CPE)range: < 1.2.11-150000.3.30.1
- (no CPE)range: < 1.2.11-150000.3.30.1
- (no CPE)range: < 1.2.11-150000.3.30.1
- (no CPE)range: < 1.2.11-150000.3.30.1
- (no CPE)range: < 1.2.11-150000.3.30.1
- (no CPE)range: < 1.2.11-150000.3.30.1
- (no CPE)range: < 1.2.11-150000.3.30.1
- (no CPE)range: < 1.2.11-150000.3.30.1
- (no CPE)range: < 1.2.11-150000.3.30.1
- (no CPE)range: < 1.2.11-150000.3.30.1
- (no CPE)range: < 1.2.11-150000.3.30.1
- (no CPE)range: < 1.2.11-150000.3.30.1
- (no CPE)range: < 1.2.11-150000.3.30.1
- (no CPE)range: < 1.2.7-0.17.3.1
- (no CPE)range: < 1.2.11-150000.3.30.1
- (no CPE)range: < 1.2.7-0.17.3.1
- (no CPE)range: < 1.2.8-12.6.1
- (no CPE)range: < 1.2.8-12.6.1
- (no CPE)range: < 1.2.8-12.6.1
- (no CPE)range: < 1.2.11-3.6.1
- (no CPE)range: < 1.2.11-11.19.1
- (no CPE)range: < 1.2.11-150000.3.30.1
- (no CPE)range: < 1.2.11-150000.3.30.1
- (no CPE)range: < 1.2.11-150000.3.30.1
- (no CPE)range: < 1.2.11-150000.3.30.1
- (no CPE)range: < 1.2.11-150000.3.30.1
- (no CPE)range: < 1.2.8-12.6.1
- (no CPE)range: < 1.2.11-3.6.1
- (no CPE)range: < 1.2.11-11.19.1
- (no CPE)range: < 1.2.11-150000.3.30.1
- (no CPE)range: < 1.2.11-150000.3.30.1
- (no CPE)range: < 1.2.11-150000.3.30.1
- (no CPE)range: < 1.2.11-11.19.1
- (no CPE)range: < 1.2.11-150000.3.30.1
- (no CPE)range: < 1.2.11-150000.3.30.1
- (no CPE)range: < 1.2.11-150000.3.30.1
- (no CPE)range: < 1.2.8-12.6.1
- (no CPE)range: < 1.2.11-3.6.1
- (no CPE)range: < 1.2.8-12.6.1
- (no CPE)range: < 1.2.11-3.6.1
Patches
Vulnerability mechanics
References
41- github.com/advisories/GHSA-jc36-42cf-vqwjghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/mitrevendor-advisory
- nvd.nist.gov/vuln/detail/CVE-2018-25032ghsaADVISORY
- security.gentoo.org/glsa/202210-42ghsavendor-advisoryWEB
- www.debian.org/security/2022/dsa-5111ghsavendor-advisoryWEB
- seclists.org/fulldisclosure/2022/May/33ghsamailing-listWEB
- seclists.org/fulldisclosure/2022/May/35ghsamailing-listWEB
- seclists.org/fulldisclosure/2022/May/38ghsamailing-listWEB
- www.openwall.com/lists/oss-security/2022/03/25/2ghsamailing-listWEB
- www.openwall.com/lists/oss-security/2022/03/26/1ghsamailing-listWEB
- cert-portal.siemens.com/productcert/pdf/ssa-333517.pdfghsaWEB
- github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531ghsaWEB
- github.com/madler/zlib/compare/v1.2.11...v1.2.12ghsaWEB
- github.com/madler/zlib/issues/605ghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-25032.ymlghsaWEB
- github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5ghsaWEB
- lists.debian.org/debian-lts-announce/2022/04/msg00000.htmlghsamailing-listWEB
- lists.debian.org/debian-lts-announce/2022/05/msg00008.htmlghsamailing-listWEB
- lists.debian.org/debian-lts-announce/2022/09/msg00023.htmlghsamailing-listWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUFghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADBghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77FghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5YghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WUghsaWEB
- security.netapp.com/advisory/ntap-20220526-0009ghsaWEB
- security.netapp.com/advisory/ntap-20220729-0004ghsaWEB
- support.apple.com/kb/HT213255ghsaWEB
- support.apple.com/kb/HT213256ghsaWEB
- support.apple.com/kb/HT213257ghsaWEB
- www.openwall.com/lists/oss-security/2022/03/24/1ghsaWEB
- www.openwall.com/lists/oss-security/2022/03/28/1ghsaWEB
- www.openwall.com/lists/oss-security/2022/03/28/3ghsaWEB
- www.oracle.com/security-alerts/cpujul2022.htmlghsaWEB
- security.netapp.com/advisory/ntap-20220526-0009/mitre
- security.netapp.com/advisory/ntap-20220729-0004/mitre
News mentions
0No linked articles in our index yet.